Abstract
This paper presents a malware classification approach that aims to improve precision and support scalability. To this end, a hybrid approach combining static and dynamic features is adopted. The hybrid approach has the advantage of being a complete and robust solution to the evasion techniques used by malware writers.
The proposed methodology achieved a very promising accuracy of 99.41% in classifying malware into families while considerably reducing the feature space compared to competing approaches in the literature.
Copyright information
© 2016 Springer International Publishing AG
Bounouh, T., Brahimi, Z., Al-Nemrat, A., Benzaid, C. (2016). A Scalable Malware Classification Based on Integrated Static and Dynamic Features. In: Jahankhani, H., et al. Global Security, Safety and Sustainability - The Security Challenges of the Connected World. ICGS3 2017. Communications in Computer and Information Science, vol 630. Springer, Cham. https://doi.org/10.1007/978-3-319-51064-4_10
DOI: https://doi.org/10.1007/978-3-319-51064-4_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-51063-7
Online ISBN: 978-3-319-51064-4
eBook Packages: Computer Science (R0)